VIRUS
VIRUS is a ransomware that runs on Microsoft Windows. It was discovered by Jakub Kroustek. It is part of the CrySiS/Dharma family.

Payload

Transmission

VIRUS is distributed through trojans, spam campaigns, untrustworthy download channels, fake software updaters and "cracking" (activation) tools.

Infection

As VIRUS encrypts, it renames all files, appending the victim's unique ID number, its developers' email address and the ".VIRUS" extension. A file like "1.jpg" would therefore appear as something similar to "1.jpg.id-1E857D00.amandacerny89@aol.com.VIRUS", and so forth. After this process is complete, a text file ("FILES ENCRYPTED.txt") is created on the desktop and a pop-up window is displayed.

The text file informs victims that their data has been locked and that, to retrieve it, they must write to the email addresses provided. The message in the pop-up window is a more detailed ransom note. It repeats that all of the user's files have been encrypted and that, to recover them, they must contact the developers of VIRUS. The email has to have the unique ID number in the title/subject. If no answer comes in 24 hours, victims are to use the other email address.

The size of the ransom is not stated; it will depend on how quickly the cyber criminals are contacted. The payment will have to be made in Bitcoin cryptocurrency, and the note lists information on how to procure said currency. As proof of their ability to restore the data, the criminals offer to decrypt one file free of charge, provided the file is no larger than 1Mb (non-archived) and contains no valuable information, such as a database, backup, large Excel sheet, etc. Users are warned not to rename the files and not to attempt manual decryption with third-party software, as that will result in permanent data loss.

Text presented in VIRUS ransomware's pop-up window:

All your files have been encrypted!
All your files have been encrypted due to a security problem with your PC. If you want to restore them, write us to the e-mail amandacerny89@aol.com
Write this ID in the title of your message 1E857D00
In case of no answer in 24 hours write us to these e-mails:homer89263@hotmail.com
You have to pay for decryption in Bitcoins. The price depends on how fast you write to us. After payment we will send you the decryption tool that will decrypt all your files.
Free decryption as guarantee
Before paying you can send us up to 1 file for free decryption. The total size of files must be less than 1Mb (non archived), and files should not contain valuable information. (databases,backups, large excel sheets, etc.)
How to obtain Bitcoins
The easiest way to buy bitcoins is LocalBitcoins site. You have to register, click 'Buy bitcoins', and select the seller by payment method and price.
hxxps://localbitcoins.com/buy_bitcoins
Also you can find other places to buy Bitcoins and beginners guide here:
hxxp://www.coindesk.com/information/how-can-i-buy-bitcoins/
Attention!
Do not rename encrypted files.
Do not try to decrypt your data using third party software, it may cause permanent data loss.
Decryption of your files with the help of third parties may cause increased price (they add their fee to our) or you can become a victim of a scam.
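
The renaming scheme and ransom note name described under Infection can be used to triage a file listing from an affected host. The following is an added example, not code from the original page: the function names and the sample listing are constructed, and it assumes the ID is always 8 hex digits as in the page's sample file name.

```python
import re
from collections import defaultdict
from pathlib import PureWindowsPath

# Naming scheme described above: <original>.id-<ID>.<email>.VIRUS
# Assumption: the ID is 8 hex digits, as in the page's sample file name.
RENAMED = re.compile(
    r"^(?P<original>.+)\.id-(?P<victim_id>[0-9A-Fa-f]{8})"
    r"\.(?P<email>[^\s@\\/]+@[^\s@\\/]+)\.VIRUS$"
)
NOTE_NAME = "FILES ENCRYPTED.txt"  # ransom note name given on the page

def parse_renamed(path):
    """Return original name, victim ID and contact address, or None."""
    m = RENAMED.match(PureWindowsPath(path).name)
    return m.groupdict() if m else None

def triage(paths):
    """Group renamed files by (ID, email); collect notes and untouched files."""
    report = {"campaigns": defaultdict(list), "notes": [], "unaffected": []}
    for p in paths:
        hit = parse_renamed(p)
        if hit:
            key = (hit["victim_id"].upper(), hit["email"].lower())
            # Rebuild the path the file had before it was renamed.
            original = PureWindowsPath(p).with_name(hit["original"])
            report["campaigns"][key].append(str(original))
        elif PureWindowsPath(p).name.lower() == NOTE_NAME.lower():
            report["notes"].append(p)
        else:
            report["unaffected"].append(p)
    return report

# Constructed sample listing (not taken from a real host).
SAMPLE = [
    r"C:\Users\alice\Pictures\1.jpg.id-1E857D00.amandacerny89@aol.com.VIRUS",
    r"C:\Users\alice\Documents\q3.report.xlsx.id-1e857d00.amandacerny89@aol.com.VIRUS",
    r"C:\Users\alice\Desktop\FILES ENCRYPTED.txt",
    r"C:\Users\alice\Downloads\VIRUS scan results.txt",  # name only mentions VIRUS
    r"C:\Users\alice\Documents\notes.id-12345.txt",      # not the scheme
]

if __name__ == "__main__":
    result = triage(SAMPLE)
    for (vid, email), files in result["campaigns"].items():
        print(f"ID {vid} / {email}: {len(files)} renamed file(s)", files)
    print("ransom notes:", result["notes"])
```

Grouping by ID and address shows whether every renamed file on a host carries the same pair, and the recovered original paths give the list to compare against backups.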